ci: add changeset validation to pull request workflow#325
Merged
geoquant merged 4 commits intocloudflare:mainfrom Mar 27, 2026
Merged
ci: add changeset validation to pull request workflow#325geoquant merged 4 commits intocloudflare:mainfrom
geoquant merged 4 commits intocloudflare:mainfrom
Conversation
Adds a 'changeset' job to pullrequest.yml that runs the same validate-kumo-changeset.ts script used by the lefthook pre-push hook. This ensures changeset validation cannot be bypassed with --no-verify or LEFTHOOK=0. The job: - Uses fetch-depth: 0 for full git history (needed for base branch diff) - Runs independently of the build job (no artifact dependency) - Reuses the existing CI-aware validation script - 2 minute timeout (lightweight check)
commit: |
Contributor
Docs PreviewCommit: |
mattrothenberg
approved these changes
Mar 27, 2026
GITHUB_HEAD_REF is a branch name (e.g. 'geoquant/changeset-pipeline'), not a commit SHA. After actions/checkout it doesn't exist as a local git ref — especially for fork PRs. This causes the git diff to fail, which makes the script assume kumo changes exist and then fail because no changeset is found. Clearing GITHUB_HEAD_REF lets the script fall through to GITHUB_SHA (always a valid commit) for the diff comparison.
GITHUB_HEAD_REF is a branch name (e.g. 'geoquant/changeset-pipeline') that doesn't exist as a local git ref for fork PRs. The previous env override approach didn't work — GitHub's GITHUB_* vars can't be overridden at the step level. Fix: add resolveHeadRef() that validates each candidate ref with 'git rev-parse --verify' before using it. Falls back through: GITHUB_HEAD_REF → GITHUB_SHA → HEAD This ensures the git diff command always uses a valid local ref.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds a
changesetjob to the pull request workflow that runs the samevalidate-kumo-changeset.tsscript used by the lefthook pre-push hook. This ensures changeset validation cannot be bypassed with--no-verifyorLEFTHOOK=0.Problem
The changeset validation currently only runs as a local pre-push hook via lefthook. Contributors can bypass it with:
git push --no-verifyLEFTHOOK=0 git pushLEFTHOOK_EXCLUDE=validate-changeset git pushThis means PRs can be opened without the required changeset for
packages/kumo/changes.Solution
Add a CI job that runs the same validation script (
ci/scripts/validate-kumo-changeset.ts) in the GitHub Actions pull request workflow. The script already handles both local and CI contexts (GITHUB_BASE_REF,GITHUB_EVENT_NAME, etc.).The job:
fetch-depth: 0for full git history (needed for base branch diff)